Open Source Risk Mitigation Process
When people speak about Open Source software they often think only of large, mature projects such as Linux and the Apache HTTP Server, but there are many other Open Source solutions that are smaller or less mature. Some are released by the same established communities that produce Linux and the Apache HTTP Server; others do not yet project the sense of comfort and longevity that The Apache Software Foundation (http://www.apache.org) does today. Regardless of who releases the solution, the question remains the same: whether or not to use it in production systems. Before any recommendation to adopt Open Source software can be made, the research must address Security, Total Cost of Ownership (TCO), Licensing and Break/Fix support. The hope is that these questions are asked, and the research done, before the answers turn out to be unacceptable.
Read the Article
|
Preventing a Brute Force or Dictionary Attack: How to Keep the Brutes Away from Your Loot
A brute force attack, of which the dictionary attack (guessing from a wordlist of likely passwords rather than trying every possible string) is the common variant, is one of the simplest attacks available to an attacker. Yet the odds of this type of attack succeeding can be very high if a site is not configured properly. Learn what can be done to defend a site against a brute force attack, including incremental delays and carefully worded error messages, and which defensive strategies do not work.
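The two defences the abstract names, an incremental delay and a uniformly worded error, are shown below as an added example written for this listing; it is not code from the article. It places a weak login handler (distinct "unknown user" and "wrong password" errors, no slow-down) beside a hardened one that returns the same message for every failure, hashes a dummy credential for unknown accounts so they cost the same time as real ones, and doubles a per-account delay after each consecutive failure up to a cap. The credential store, the salt, the password and the delay constants are all constructed for the demonstration.

```python
import hashlib
import hmac
import time

# Constructed demo credential store (not from the article): username -> (salt, PBKDF2 hash).
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)

_SALT = b"constructed-demo-salt"
USERS = {"alice": (_SALT, _hash("correct horse battery staple", _SALT))}
# Dummy digest of the same length, so unknown users cost the same hashing work as known ones.
_DUMMY = _hash("not-a-real-password", _SALT)

UNIFORM_ERROR = "Invalid username or password"


class WeakLogin:
    """Anti-pattern: distinct error messages tell the attacker which usernames exist,
    and nothing slows repeated guesses, so a dictionary run proceeds at wire speed."""

    def login(self, username: str, password: str):
        if username not in USERS:
            return (False, "Unknown user")
        salt, stored = USERS[username]
        if not hmac.compare_digest(_hash(password, salt), stored):
            return (False, "Wrong password")
        return (True, "OK")


class HardenedLogin:
    """Same check, but with one error message for every failure and an incremental
    delay that doubles with each consecutive failure on the account, capped at max_delay."""

    def __init__(self, base_delay: float = 0.5, max_delay: float = 30.0, sleep=time.sleep):
        self.failures = {}          # username -> consecutive failed attempts
        self.base_delay = base_delay
        self.max_delay = max_delay
        self._sleep = sleep         # injectable so a test does not really wait

    def delay_for(self, username: str) -> float:
        """Seconds to wait before evaluating the next attempt on this account."""
        n = self.failures.get(username, 0)
        if n == 0:
            return 0.0
        return min(self.base_delay * 2 ** (n - 1), self.max_delay)

    def login(self, username: str, password: str):
        self._sleep(self.delay_for(username))
        known = username in USERS
        salt, stored = USERS.get(username, (_SALT, _DUMMY))
        # Always hash and compare, so a missing account is not visible through timing.
        ok = hmac.compare_digest(_hash(password, salt), stored) and known
        if not ok:
            self.failures[username] = self.failures.get(username, 0) + 1
            return (False, UNIFORM_ERROR)
        self.failures.pop(username, None)   # a success resets the back-off
        return (True, "OK")


def demo_delays(attempts: int) -> list:
    """Delays (seconds) a guesser absorbs on 'alice' across `attempts` wrong passwords."""
    waited = []
    h = HardenedLogin(sleep=waited.append)
    for i in range(attempts):
        h.login("alice", f"guess{i}")
    return waited


if __name__ == "__main__":
    print(WeakLogin().login("nobody", "x"), WeakLogin().login("alice", "x"))
    print(demo_delays(8))
```

Two caveats a practitioner would add: the sleep here blocks the request, so in a real server the back-off should be enforced by a shared counter rather than by holding a worker thread, and a per-account delay alone does not slow an attacker who sprays one password across many accounts, so a per-source limit is needed as well. A hard lockout after a fixed number of failures is not a free improvement either, since it hands anyone who knows a username a way to lock that user out.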
Read the Article
|
Regulus Exposed
Masood Mehmood issues a scathing report on the Regulus logging software used by many ISPs. He includes step-by-step instructions illustrating how to compromise staff passwords and exploit other hidden bugs.
Read the Article
|
Secure Remote Server Administration of the Windows Server Family Using Windows Terminal Services
This paper provides an overview of Windows Terminal Services (WTS) and its operating scenarios. I discuss how to install and secure Windows Terminal Services. Because WTS can be used as part of a defense-in-depth strategy for secure computing, I also provide details for configuring a workstation environment to use WTS. In addition, I provide guidance on user account administration as it relates to remote server support. Finally, I provide a framework for securely managing remote servers through standardized tools and a standardized workstation environment.
Read the Article
|
Security Scenarios in Analysis and Design
This article addresses designing security into systems rather than trying to add it after development. A survey of teaching materials finds that security is given only brief acknowledgement as a concern in software development and is not well integrated into the development life cycles taught in schools.
Read the Article
|
Service Account Vulnerabilities
As an Information Security (IS) specialist, you may be called on by your employer's software application developers to secure an application, whether a purchased product or one developed in house. In either case, the earlier an IS specialist is involved, the better, since an IS specialist's goals for a product differ from the developers'. The application developer's goal is to give the customer the product they want, which may mean purchasing or developing a product that has exceptions to your employer's security standards; the developer is most concerned with producing the expected product. An IS specialist is also concerned with producing the expected product, but one that stays within the employer's security standards. Involving an IS specialist early in a project may reduce or eliminate security vulnerabilities by influencing which product is purchased or how an in-house product's security is designed.
Read the Article
|
A Paper on the Promotion of Application Security Awareness
What does not make the headline news is the compromised application: the very application that holds the information, the jewel assets of the company, that could have stolen the headlines. Somehow application security does not make interesting reading material. Application security is not a new science, and the same principles that apply to network security also apply to application security.
Read the Article
|
Application Security Cheat Sheet
Deploying applications in a secure manner has become more critical today than ever before. Enterprises deploy several applications at very short notice, and business demands increased automation and more Internet-enabled applications. Security is often considered only after the application has been developed and is about to go live, or in some cases even after the systems have gone live. This article looks at some of the critical factors that need to be addressed to secure applications.
Read the Article
|
Database Security (Common-sense Principles)
So, let me begin this article with a brief synopsis of how security policies should be implemented and then move into actual system configuration.
Read the Article
|
Ebay Attack Online Jargon
The definitive article explaining the art of performing eBay attacks and understanding the basis on which those attacks are carried out.
Read the Article
|